Understanding Method Lists | Cisco Systems OL-16066-01 guide

Appendix K Router Platform User Interface Reference

AAA Policy Page

	• Understanding Method Lists, page 15-69
	• AAA Server Group Dialog Box, page F-12
	• Predefined AAA Authentication Server Groups, page 9-15
	Field Reference
Table K-38	AAA Page—Authentication Tab

Element		Description

Enable Device Login		When selected, enables the authentication of all users when they log in to the
Authentication		device, using the methods defined in the method list.
		When deselected, authentication is not performed.

Prioritized Method List		Defines a sequential list of methods to be queried when authenticating a user.
		Enter the names of one or more AAA server group objects (up to four), or
		click Select to display an Object Selectors, page F-593. Use the up and down
		arrows in the object selector to define the order in which the selected server
		groups should be used.
		The device tries initially to authenticate users using the first method in the
		list. If that method fails to respond, the device tries the next method, and so
		on, until a response is received.
		Supported methods include Line, Local, Kerberos, RADIUS, TACACS+,
		and None.
		Note If you select None as a method, it must appear as the last method in
		the list.

Maximum Number of		The maximum number of unsuccessful authentication attempts before a user
Attempts		is locked out. This feature is disabled by default. Valid values range from 1
		to 65535.
		Note From the standpoint of the user, there is no distinction between a
		normal authentication failure and an authentication failure due to
		being locked out. The system administrator has to explicitly clear the
		status of a locked-out user using clear commands.

		User Guide for Cisco Security Manager 3.2
		User Guide for Cisco Security Manager 3.2
	OL-16066-01			K-89
	OL-16066-01			K-89

Image 89

Cisco Systems OL-16066-01 appendix Understanding Method Lists, AAA Server Group Dialog Box, page F-12

Contents

Router Platform User Interface Reference Dhcp Policy Page, page K-167 NTP Policy Page, page K-174 CPU Policy Page, page K-107 NAT Policy NAT Page-Interface Specification TabFor more information, see NAT on Cisco IOS Routers, Chapter K, Router Platform User Interface Reference Related Topics Edit Interfaces Dialog Box-NAT Inside Interfaces Field Reference Edit Interfaces Dialog Box-NAT Outside Interfaces NAT Page-Static Rules Tab Information, see Filtering Tables, NAT Static Rule Dialog Box Defining Static NAT Rules, Basic Interface Settings on Cisco IOS Routers,Disabling the Alias Option for Attached Subnets, Disabling the Payload Option for Overlapping Networks, Table K-5 NAT Static Rule Dialog Box Table K-5 NAT Static Rule Dialog Box Appendix K Router Platform User Interface Reference For more information, see Defining Dynamic NAT Rules, NAT Page-Interface Specification Tab, page K-3NAT Page-Dynamic Rules Tab NAT Dynamic Rule Dialog Box F-593 Object Selectors, page F-593 NAT Page-Timeouts Tab Specifying NAT Timeouts, Router Interfaces Create Router Interface Dialog Box Table Columns and Column Heading Features, Enabled Type Name Parent BRI, PRI Isdn Discontiguous Network Masks, Table K-10 Create Router Interface Dialog Box MTU Vlan ID Dlci Interface Auto Name Generator Dialog Box Advanced Interface Settings CDP Available Interface Types, Advanced Interface Settings Dialog Box You can create an interface role object For more information, see Understanding Helper Addresses, Eguide09186a00804247fc.htmlSelectors, page F-593 Cisco Discovery Protocol settings Table K-13 Advanced Interface Settings Dialog Box 00800a3ded.shtml Fragreassmps6441TSDProductsConfigurationGuideChapter.htmlVFR ACL AIM-IPS Interface Settings IPS Monitoring Information Dialog Box Dialer Policy Configuring Dial Backup, SPID2 Dialer Profile Dialog BoxSPID1 Table K-17 Dialer Profile Dialog Box Dialer Physical Interface Dialog Box Isdn BRI Adsl Policy Adsl on Cisco IOS Routers, Defining Adsl Settings, PVC Policy Page, page K-54 Adsl Settings Dialog Box Supported by each card type may cause deployment to fail Table K-20 Adsl Settings Dialog Box Shdsl Policy Edit the selected DSL controller definition Shdsl on Cisco IOS Routers, Dialog Box, page K-53 Shdsl Controller Dialog BoxDefining Shdsl Controllers, User Guide for Cisco Security Manager CPE Table K-22 Shdsl Dialog Box Controller Auto Name Generator Dialog Box PVC Policy PVC PVC IDPVC OAM OAM-PVC Defining ATM PVCs, PVC Dialog Box Table K-25 PVC Dialog Box Inverse ARP. See PVC Dialog Box-Protocol Tab, page K-67 PVC Dialog Box-Settings Tab, page K-59PVC. See PVC Dialog Box-QoS Tab, page K-63 PVC Dialog Box-Settings Tab Ilmi VPIVCI PVC Resources are freed for other dial-in users PPP PVC Dialog Box-QoS TabDialog Box-Protocol Tab, page K-67 Understanding Policing and Shaping Parameters, Quality of Service Policy Page, page K-199 CBR Service Classes,ABR UBR+ UBRVBR-NRT VBR-RT PVC Dialog Box-Protocol Tab PVC Dialog Box, page K-56 Defining ATM PVCs, Define Mapping Dialog Box Type for the PVC. See PVC Dialog Box-Settings Tab, page K-59 PVC Advanced Settings Dialog Box Advanced Settings Dialog Box-OAM Tab, page K-70 PVC Advanced Settings Dialog Box-OAM TabAdvanced Settings Dialog Box-OAM-PVC Tab, page K-73 Go to the PVC Dialog Box, page K-56, then click Advanced PVC Dialog Box, page K-56 Table K-31 PVC Advanced Settings Dialog Box-OAM Tab OAM-PVC tab PVC Advanced Settings Dialog Box-OAM-PVC Tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab PPP/MLP Policy Table K-33 PPP/MLP Defining PPP Connections, PPP Dialog Box Connection. See PPP Dialog Box-PPP Tab, page K-80 PPP Dialog Box-MLP Tab, page K-84 PPP Dialog Box-PPP TabTab, page K-84 Table K-35 PPP Dialog Box-PPP Tab It for other PPP connections on this device Chap Authentication settings MLP PPP Dialog Box-MLP TabPPP Dialog Box-PPP Tab, page K-80 Advance None-Negotiation is conducted without using an endpoint AAA Policy Defining AAA Services, AAA Page-Authentication Tab AAA Server Group Dialog Box, page F-12 Predefined AAA Authentication Server Groups,Understanding Method Lists, AAA Page-Authorization Tab Information, see Filtering Tables, Command Authorization Dialog Box AAA Page-Accounting Tab Table K-41 AAA Page-Accounting Tab See description Table N-91 on page N-131 Command Accounting Dialog Box Server groups configured with TACACS+ Accounts and Credential s Policy Table K-43 Accounts and Credentials 100 User Account Dialog Box Defining Accounts and Credential Policies, Understanding FlexConfig Objects,User Accounts and Device Credentials on Cisco IOS Routers, MD5 102 Bridging PolicyBridging on Cisco IOS Routers, 103 Bridge Group Dialog Box 104 Clock Policy 105 106 107 CPU Policy 108 109 110 Http Policy 111 Http Page-Setup TabHttp and Https on Cisco IOS Routers, 112 Http Page-AAA TabHttps 113 Http Page-Setup Tab, page K-111 114 115 Http Policy Page, page K-110 Command Authorization Override Dialog BoxAAA Policy Page, page K-87 116 117 Console Policy 118 Console Page-Setup TabVTY Line Dialog Box-Setup Tab, page K-132 119 120 121 Console Page-Authentication Tab 122 Page-Authentication Tab, page K-88 123 Console Page-Authorization Tab 124 125 Console Page-Accounting Tab 126 127 Page-Accounting Tab, page K-93 128 129 VTY Policy 130 Dialog Box-Setup Tab, page K-132 Line Access on Cisco IOS Routers,VTY Line Dialog Box 131 Defining VTY Line Setup Parameters, VTY Line Dialog Box-Setup TabConsole Page-Setup Tab, page K-118 132 133 134 Policy. See Http Page-Setup Tab, page K-111 135 136 VTY Line Dialog Box-Authentication Tab 137 VTY Line Dialog Box-Authorization Tab 138 Page-Authorization Tab, page K-90 139 VTY Line Dialog Box-Accounting Tab 140 141 142 143 Command Authorization Dialog Box-Line AccessConsole Policy Page, page K-117 VTY Policy Page, page K-129 144 Level. See Command Accounting Dialog Box, page K-96 145 Command Accounting Dialog Box-Line Access 146 147 Secure Shell Policy 148 Box-Setup Tab, page K-132 149 Snmp PolicyFor more information, see Defining Snmp Agent Properties, 150 Snmp on Cisco IOS Routers, 151 Permission Dialog BoxGenerate. See Snmp Traps Dialog Box, page K-155 Snmp Traps Dialog Box, page K-155 Trap Receiver Dialog Box, page K-153Defining Snmp Agent Properties, 152 153 Trap Receiver Dialog BoxPermission Dialog Box, page K-151 154 155 Snmp Traps Dialog Box 156 For more information, see Understanding IKE, 157 158 DNS Policy 159 IP Host Dialog BoxDNS on Cisco IOS Routers, 160 Hostname PolicyHostnames and Domain Names on Cisco IOS Routers, 161 For more information, see Defining Router Memory Settings,Memory Policy 162 163 Secure Device Provisioning PolicySecure Device Provisioning on Cisco IOS Routers, Secure Device Provisioning Workflow, Administrative Introducers,Understanding PKI Enrollment Objects, Click Select to display an Object Selectors, page F-593 165 166 For more information, see Defining Dhcp Policies, Dhcp PolicyDhcp on Cisco IOS Routers, 167 168 To display an Object Selectors, page F-593Definition, page 9-153and Supported IP Address Formats, 169 Defining Dhcp Policies, Dhcp Database Dialog BoxIP Pool Dialog Box, page K-171 170 171 IP Pool Dialog Box 172 Select to display an Object Selectors, page F-593 173 Ddhhmm 174 NTP PolicyFor more information, see Defining NTP Servers, 175 NTP Server Dialog Box, page K-176 176 NTP Server Dialog Box 177 Policy Page, page K-174 178 K-174 179 802.1x PolicyFor more information, see Defining 802.1x Policies, 180 Or click Add to display an Object Selectors, page F-593Defined here. See PPP Dialog Box, page K-78 181 182 183 Network Admission Control Page-Setup TabNetwork Admission Control Policy 184 Defining NAC Setup Parameters, 185 Configuration Dialog Box, page K-187More information, see Working with Access Rules, Network Admission Control Page-Interfaces Tab Network Admission Control Page-Setup Tab, page K-183Defining NAC Interface Parameters, 186 187 NAC Interface Configuration Dialog Box 188 Page, page F-31 189 Network Admission Control Page-Identities TabDefining NAC Identity Parameters, 190 NAC Identity Profile Dialog Box NAC Identity Action Dialog Box, page K-191 NAC Identity Action Dialog BoxActions, see NAC Identity Action Dialog Box, page K-191 NAC Identity Profile Dialog Box, page K-190 Intercept ACL. See NAC Interface Configuration Dialog Box Logging Setup PolicyBox, page K-190 K-187 193 194 Information, see -5 on 195 196 197 Syslog Servers PolicyFor more information, see Defining Syslog Servers, 198 Syslog Server Dialog BoxXML Defining Syslog Servers, Quality of Service PolicyLogging on Cisco IOS Routers, Understanding Network/Host Objects, Understanding Control Plane Policing, Defining QoS Policies,CIR 200 201 202 QoS Policy Dialog Box Quality of Service on Cisco IOS Routers,K-205 203 204 205 QoS Class Dialog Box 206 Box-Queuing and Congestion Avoidance Tab, page K-212 Box-Matching Tab, page K-208Dialog Box-Policing Tab, page K-214 Tab, page K-217 208 QoS Class Dialog Box-Matching Tab F-593. For more information, see Edit ACLs Dialog Box-QoS DscpClasses, page K-210 209 210 Edit ACLs Dialog Box-QoS ClassesDefining QoS Class Matching Parameters, 211 QoS Class Dialog Box-Marking Tab 212 QoS Class Dialog Box-Queuing and Congestion Avoidance Tab 213 214 QoS Class Dialog Box-Policing Tab 215 216 217 QoS Class Dialog Box-Shaping Tab 218 219 BGP Routing Policy Defining BGP Routes, BGP Page-Setup TabSupported IP Address Formats, 220 221 Dialog Box, page K-222 222 Neighbors Dialog Box BGP Page-Redistribution Tab BGP Page-Setup Tab, page K-220Redistributing Routes into BGP, 223 224 BGP Redistribution Mapping Dialog Box 225 226 Eigrp Page-Setup TabEigrp Routing Policy 227 Eigrp Setup Dialog Box 228 Defining Eigrp Routes, Eigrp Page-Interfaces Tab Eigrp Page-Setup Tab, page K-226Edit Interfaces Dialog Box-EIGRP Passive Interfaces 229 230 Defining Eigrp Interface Properties, 231 Systems, see Eigrp Setup Dialog Box, page K-227Eigrp Interface Dialog Box 232 Eigrp Page-Redistribution Tab 233 Redistributing Routes into EIGRP, Eigrp Redistribution Mapping Dialog BoxPage-Redistribution Tab, page K-223 234 235 236 Ospf Interface Policy 237 Ospf Interface Dialog Box Defining Ospf Interface Settings,Ospf Routing on Cisco IOS Routers, 238 239 240 241 242 Objects, 243 Ospf Process Page-Setup TabOspf Process Policy 244 Defining Ospf Process Settings, 245 Ospf Setup Dialog Box 246 Ospf Process Page-Setup Tab, page K-243Edit Interfaces Dialog Box-OSPF Passive Interfaces 247 Defining Ospf Area Settings,Ospf Process Page-Area Tab 248 Ospf Area Dialog Box 249 Ospf Process Page-Redistribution Tab 250 251 Ospf Redistribution Mapping Dialog Box 252 253 Ospf Redistribution Mapping Dialog Box, page K-251 Ospf Max Prefix Mapping Dialog BoxK-243 254 255 RIP Page-Setup TabRIP Routing Policy 256 Defining RIP Setup Parameters,An Object Selectors, page F-593 257 RIP Page-Authentication TabEdit Interfaces Dialog Box-RIP Passive Interfaces 258 Defining RIP Interface Authentication Settings,RIP Page-Setup Tab, page K-255 259 RIP Authentication Dialog Box 260 Redistribution tab. See RIP Page-Setup Tab, page K-255RIP Page-Redistribution Tab 261 RIP Redistribution Mapping Dialog BoxRedistributing Routes into RIP, 262 263 Static Routing PolicyStatic Routing on Cisco IOS Routers, 264 Static Routing Dialog Box 265 Defining Static Routes, 266 267 268